PDF - This Chapter (238.0 KB)

C H A P T E R
11
Configuring Security Features for Cisco Unified
MeetingPlace Express
Revised: October 18, 2006, OL-11374-01
This chapter describes how to improve the security of your system.
Topics in this section include:
•
Security Recommendations For Your System, page 11-1
•
About Toll Fraud Prevention Options, page 11-2
•
How to Secure Your System, page 11-2
The content in this chapter applies in the following cases:
•
You have a Cisco Unified MeetingPlace Express system.
•
You have a Cisco Unified MeetingPlace Express VT system.
Security Recommendations For Your System
While your company may already have guidelines for restricting access to its computer systems, we also
recommend that you perform the tasks listed in Table 11-1.
Table 11-1
Security Recommendations for Cisco Unified MeetingPlace Express
Security Recommendation
Where to Find Information
Secure the server’s physical location. Keep the server in an area protected —
by a lock or a card-key system to prevent unauthorized access to the
system.
Keep the database current. Deactivate or delete the user profiles of
employees who leave the company.
Information About the Active, Inactive, and
Locked States of User Profiles, page 8-23
Change the default passwords for the preconfigured Admin profile.
Changing the Passwords for the Admin Profile,
page 1-2
Complete as many security-related tasks as are appropriate for your user How to Secure Your System, page 11-2.
base.
Related Topics
•
About Toll Fraud Prevention Options, page 11-2
Configuration and Maintenance Guide for Cisco Unified MeetingPlace Express Release 1.2
OL-11374-01
11-1
Chapter 11
Configuring Security Features for Cisco Unified MeetingPlace Express
About Toll Fraud Prevention Options
About Toll Fraud Prevention Options
Cisco Unified MeetingPlace Express enables you to monitor and prevent toll fraud occurrences by doing
the following:
•
Restrict dial-out privileges to specific users by completing these tasks:
– Restricting Dial-Out Privileges for Guest Users, page 11-7
– Restricting Dial-Out Privileges for Profiled Users, page 11-8.
•
Monitor dial-out usage by completing these tasks:
– Running a Report about Port Utilization, page 10-12
– Exporting Information about Outgoing Calls, page 10-14
– Exporting Information about Meetings, page 10-7
Related Topics
•
Security Recommendations For Your System, page 11-1
How to Secure Your System
This section provides tasks that help improve the security of your system. Topics in this section include:
•
Configuring User Password Requirements, page 11-2
•
Limiting the Number of Failed User Login Attempts, page 11-3
•
Configuring Requirements for Meeting Passwords, page 11-4
•
Restricting Access to Scheduled Meetings and Recordings, page 11-5
•
Restricting the Use of Vanity Meeting IDs, page 11-6
•
Restricting Third Parties from Starting Reservationless Meetings, page 11-7
•
Restricting Dial-Out Privileges for Guest Users, page 11-7
•
Restricting Dial-Out Privileges for Profiled Users, page 11-8
Configuring User Password Requirements
You can increase the security of your Cisco Unified MeetingPlace Express system by doing the
following:
•
Requiring longer user passwords
•
Requiring users to change their passwords more frequently
Procedure
Step 1
Log in to Cisco Unified MeetingPlace Express.
Step 2
Click Administration at the top of the page.
Configuration and Maintenance Guide for Cisco Unified MeetingPlace Express Release 1.2
11-2
OL-11374-01
Chapter 11
Configuring Security Features for Cisco Unified MeetingPlace Express
How to Secure Your System
Step 3
Step 4
Step 5
On the left side of the page:
a.
Click System Configuration.
b.
Click Usage Configuration.
In the Usage Configuration page, configure the following fields:
•
Minimum profile password length, page C-145—A higher value is more secure than a lower value.
•
Change profile password (days), page C-145—A lower value is more secure than a higher value.
•
Minimum user password length, page C-145—A higher value is more secure than a lower value.
•
Change user password (days), page C-145—A lower value is more secure than a higher value.
Click Save.
Tip
Remember that long passwords and frequent password changes may frustrate your users. Align your
password requirements with those already in use at your company.
Related Topics
•
Security Recommendations For Your System, page 11-1
•
About This Page: Usage Configuration, page C-144
Limiting the Number of Failed User Login Attempts
This topic describes how to configure the number of times in a session that a user can fail to log in to
Cisco Unified MeetingPlace Express before the user profile becomes “locked.” Users with locked user
profiles cannot log in.
Before You Begin
•
The preconfigured Admin profile cannot be locked.
•
Before reaching the maximum number of login attempts, the user may restart the counter for failed
login attempts by taking one of the following actions:
– Close the browser and open a new one to continue the login attempts.
– End the call to Cisco Unified MeetingPlace Express and begin a new call to continue the login
attempts.
•
Calls to the attendant are not supported if you use a SIP trunk to integrate Cisco Unified
MeetingPlace Express with Cisco Unified CallManager Release 4.x.
Procedure
Step 1
Log in to Cisco Unified MeetingPlace Express.
Step 2
Click Administration at the top of the page.
Step 3
On the left side of the page:
a.
Click System Configuration.
b.
Click Usage Configuration.
Configuration and Maintenance Guide for Cisco Unified MeetingPlace Express Release 1.2
OL-11374-01
11-3
Chapter 11
Configuring Security Features for Cisco Unified MeetingPlace Express
How to Secure Your System
Step 4
In the Usage Configuration page, configure the following field:
•
Step 5
Maximum profile login attempts, page C-146—A lower value is more secure than a higher value.
Click Save.
Related Topics
•
Cisco Unified CallManager Restrictions for Integration in a SIP Environment, page 7-39
•
Security Recommendations For Your System, page 11-1
•
Information About the Active, Inactive, and Locked States of User Profiles, page 8-23
•
About This Page: Usage Configuration, page C-144
•
About the Admin Profile, page 8-21
Configuring Requirements for Meeting Passwords
You can increase the security of your Cisco Unified MeetingPlace Express system by doing the
following:
•
Requiring passwords for meetings scheduled by some or all users
•
Requiring longer meeting passwords
Meeting passwords prevent uninvited people from attending meetings.
Procedure
Step 1
Log in to Cisco Unified MeetingPlace Express.
Step 2
Click Administration at the top of the page.
Step 3
On the left side of the page, click Meeting Configuration.
Step 4
In the Meeting Configuration page, configure the following field:
•
Minimum meeting password length, page C-101—A higher value is more secure than a lower value.
Step 5
Click Save.
Step 6
On the left side of the page, click User Configuration.
Step 7
Take one of the following actions:
Step 8
Step 9
•
To configure a user group, click User Group Management.
•
To configure an individual user profile, click User Profile Management.
Take one of the following actions:
•
To configure an existing user group or user profile, click Edit.
•
To configure a new user group or user profile, click Add New. Configure the required fields, which
are marked with an asterisk.
Configure one of the following fields:
•
Password required, page C-12 (user group)—Select Yes.
•
Password required, page C-23 (user profile)—Select Yes.
Configuration and Maintenance Guide for Cisco Unified MeetingPlace Express Release 1.2
11-4
OL-11374-01
Chapter 11
Configuring Security Features for Cisco Unified MeetingPlace Express
How to Secure Your System
Step 10
Click Save.
Step 11
Repeat Step 6 through Step 10 for all user groups and user profiles for which you want to require
meeting passwords.
Tips
Remember that the password must be communicated to the meeting invitees in order for them to join the
meeting:
•
Configure user groups and user profiles to include passwords in e-mail notifications. See the
“Configuring E-Mail Notification Settings for a User Group” section on page 14-5.
•
If not all meeting invitees will receive e-mail notifications, then the meeting scheduler or another
organizer must manually communicate the meeting password.
Related Topics
•
Security Recommendations For Your System, page 11-1
•
About This Page: Meeting Configuration, page C-97
•
About This Page: Add User Group, page C-9
•
About This Page: Add User Profile, page C-16
Restricting Access to Scheduled Meetings and Recordings
This topic describes how to restrict unprofiled users from taking the following actions:
•
Attend meetings that are scheduled by some or all users.
•
Listen to meetings recorded by some or all users.
Procedure
Step 1
Log in to Cisco Unified MeetingPlace Express.
Step 2
Click Administration at the top of the page.
Step 3
On the left side of the page, click User Configuration.
Step 4
Take one of the following actions:
Step 5
Step 6
•
To configure a user group, click User Group Management.
•
To configure an individual user profile, click User Profile Management.
Take one of the following actions:
•
To configure an existing user group or user profile, click Edit.
•
To configure a new user group or user profile, click Add New. Configure the required fields, which
are marked with an asterisk.
To restrict meeting attendance and access to meeting recordings to profiled users, configure one of the
following fields to “Users with Cisco Unified MeetingPlace Express profiles only”:
•
Who can attend, page C-12 (user group)
•
Who can attend, page C-23 (user profile)
Configuration and Maintenance Guide for Cisco Unified MeetingPlace Express Release 1.2
OL-11374-01
11-5
Chapter 11
Configuring Security Features for Cisco Unified MeetingPlace Express
How to Secure Your System
Step 7
Click Save.
Step 8
Repeat Step 3 through Step 7 for all user groups and user profiles for which you want to restrict meeting
access to profiled users.
Tips
•
Remember that if meeting attendance is restricted to profiled users, then unprofiled external users
(such as your customers or business partners) and users with locked profiles cannot attend.
•
Similarly, if access to meeting recordings is restricted to profiled users, then unprofiled external
users (such as your customers or business partners) and users with locked profiles cannot access
these meeting recordings.
Related Topics
•
Security Recommendations For Your System, page 11-1
•
About This Page: Add User Group, page C-9
•
About This Page: Add User Profile, page C-16
Restricting the Use of Vanity Meeting IDs
By default, Cisco Unified MeetingPlace Express allows the meeting scheduler to request a specific
meeting ID, such as one that is easy to remember (12345) or one that spells a word (24726 or CISCO).
If, however, an uninvited person knows the phone number of your Cisco Unified MeetingPlace Express
server, then that person can easily guess a popular meeting ID and join a meeting that he is not authorized
to attend.
This topic describes how to prevent unauthorized meeting attendance by disabling the ability to request
a vanity meeting ID when scheduling a meeting. Instead, a unique, randomly generated ID is assigned
to every scheduled meeting. Users cannot change the assigned meeting IDs.
Procedure
Step 1
Log in to Cisco Unified MeetingPlace Express.
Step 2
Click Administration at the top of the page.
Step 3
On the left side of the page, click Meeting Configuration.
Step 4
In the Meeting Configuration page, configure the following field:
•
Step 5
Allow vanity meeting IDs, page C-101—Select No.
Click Save.
Related Topics
•
Security Recommendations For Your System, page 11-1
•
About This Page: Meeting Configuration, page C-97
Configuration and Maintenance Guide for Cisco Unified MeetingPlace Express Release 1.2
11-6
OL-11374-01
Chapter 11
Configuring Security Features for Cisco Unified MeetingPlace Express
How to Secure Your System
What to Do Next
You can also prevent unauthorized meeting attendance in the following ways:
•
Requiring meeting passwords—See the “Configuring Requirements for Meeting Passwords” section
on page 11-4.
•
Restricting scheduled meeting attendance to profiled users—See the “Restricting Access to
Scheduled Meetings and Recordings” section on page 11-5.
Restricting Third Parties from Starting Reservationless Meetings
This topic describes how to configure the system so that only the meeting owner may start a
reservationless meeting.
Procedure
Step 1
Log in to Cisco Unified MeetingPlace Express.
Step 2
Click Administration at the top of the page.
Step 3
On the left side of the page:
Step 4
a.
Click System Configuration.
b.
Click Meeting Configuration.
In the Meeting Configuration page, configure the following field:
•
Step 5
Reservationless: Allow 3rd party initiate, page C-101—Select No.
Click Save.
Related Topics
•
Information About Reservationless Meetings, page 5-6
•
Security Recommendations For Your System, page 11-1
•
Information About the Active, Inactive, and Locked States of User Profiles, page 8-23
•
About This Page: Usage Configuration, page C-144
Restricting Dial-Out Privileges for Guest Users
This topic describes how to restrict guests from dialing out. By completing this task, only profiled users
who successfully log in to Cisco Unified MeetingPlace Express can dial out. This restriction can reduce
the potential for toll fraud.
Procedure
Step 1
Log in to Cisco Unified MeetingPlace Express.
Step 2
Click Administration at the top of the page.
Configuration and Maintenance Guide for Cisco Unified MeetingPlace Express Release 1.2
OL-11374-01
11-7
Chapter 11
Configuring Security Features for Cisco Unified MeetingPlace Express
How to Secure Your System
Step 3
On the left side of the page:
a.
Click System Configuration.
b.
Click Usage Configuration.
Step 4
In the Usage Configuration page, set the Allow guest outdials field to No.
Step 5
Click Save.
Related Topics
•
Security Recommendations For Your System, page 11-1
•
About Dial-Out Features and Voice Prompt Languages, page 8-11
•
About Toll Fraud Prevention Options, page 11-2
•
Restricting Dial-Out Privileges for Profiled Users, page 11-8
•
Exporting Information about Outgoing Calls, page 10-14
•
About This Page: User Group Management, page C-152
•
About This Page: User Profile Management, page C-153
What to Do Next
To further restrict dial-out privileges on your system, proceed to the “Restricting Dial-Out Privileges for
Profiled Users” section on page 11-8.
Restricting Dial-Out Privileges for Profiled Users
This topic describes how to restrict dial-out privileges to specific user groups and user profiles.
Restricting dial-out privileges reduces the potential for toll fraud.
Procedure
Step 1
Log in to Cisco Unified MeetingPlace Express.
Step 2
Click Administration at the top of the page.
Step 3
Click User Configuration on the left side of the page.
Step 4
To restrict dial-out privileges for specific user groups, complete these steps:
a.
Click User Group Management.
b.
In the User Group Management page, select a user group and click Edit in the same row. The Edit
User Groups Details page appears.
c.
To restrict dial-out privileges, configure the following fields:
– Can call out of meetings—Set to No.
– Ask for profile password—Set to Yes.
d.
Click Save.
e.
Repeat Step 4 for all user groups whose dial-out privileges you want to restrict.
Configuration and Maintenance Guide for Cisco Unified MeetingPlace Express Release 1.2
11-8
OL-11374-01
Chapter 11
Configuring Security Features for Cisco Unified MeetingPlace Express
How to Secure Your System
Step 5
To restrict dial-out privileges for specific user profiles, complete these steps:
a.
Click User Profile Management.
b.
In the User Profile Management page, select a user profile and click Edit in the same row. The Edit
user profiles details page appears.
c.
To restrict dial-out privileges, configure the following fields:
– Can call out of meetings—Set to No.
– Ask for profile password—Set to Yes.
d.
Click Save.
e.
Repeat Step 5 for all user profiles whose dial-out privileges you want to restrict.
Related Topics
•
Security Recommendations For Your System, page 11-1
•
About Dial-Out Features and Voice Prompt Languages, page 8-11
•
About Toll Fraud Prevention Options, page 11-2
•
Restricting Dial-Out Privileges for Guest Users, page 11-7
•
Exporting Information about Outgoing Calls, page 10-14
•
About This Page: User Group Management, page C-152
•
About This Page: User Profile Management, page C-153
Configuration and Maintenance Guide for Cisco Unified MeetingPlace Express Release 1.2
OL-11374-01
11-9
Chapter 11
Configuring Security Features for Cisco Unified MeetingPlace Express
How to Secure Your System
Configuration and Maintenance Guide for Cisco Unified MeetingPlace Express Release 1.2
11-10
OL-11374-01